Creating an RSA-4096 SSL certificate
Sep 11, 2023
TLDR;
openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:4096
openssl rsa -in private_key.pem -pubout -out public_key.pem
openssl req -new -key private_key.pem -out csr.pem
certbot certonly --csr csr.pem
1. Generate RSA Private Key:
openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:4096
- This command generates an RSA private key with a key length of 4096 bits and saves it to a file named private_key.pem. The private key is a crucial component of SSL/TLS encryption and is used to secure communication between a server and clients.
2. Generate RSA Public Key:
openssl rsa -in private_key.pem -pubout -out public_key.pem
- This command derives the corresponding RSA public key from the private key stored in private_key.pem and saves it to a file named public_key.pem. The public key is used to encrypt data that only the private key holder can decrypt.
3. Generate Certificate Signing Request (CSR):
openssl req -new -key private_key.pem -out csr.pem
- This command generates a Certificate Signing Request (CSR) using the private key from private_key.pem. A CSR contains information about the entity requesting the certificate (e.g., a website), including the public key, and is used to request a digital certificate from a Certificate Authority (CA).
4. Request an SSL Certificate from Certbot:
certbot certonly --csr csr.pem
- This command uses Certbot, a tool for managing SSL certificates, to request an SSL certificate based on the CSR generated in the previous step (csr.pem). Certbot will typically interact with a CA to obtain a signed SSL certificate. The obtained certificate will be stored in a location specified during the Certbot setup.
The entire process involves creating a private key, deriving a public key from it, generating a CSR with the necessary information, and then using Certbot to request a signed SSL certificate from a CA. Once you have the signed certificate, you can configure your web server or application to use it for secure HTTPS communication, enhancing the security of your website or service.
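The script below is an added example, not part of the original article: it runs steps 1 and 3 without prompts and then checks, before csr.pem goes to Certbot, that the key is 4096 bits, that the CSR's self-signature verifies, and that the CSR carries the public key of private_key.pem. The function names, the example.com domain and the use of -subj and -addext (OpenSSL 1.1.1 or later) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. File names follow the article;
# example.com is a constructed placeholder domain. Assumes OpenSSL 1.1.1+.

# Steps 1 and 3 without prompts: the key file is created owner-only (umask 077)
# and the CSR carries the domain in both the subject CN and subjectAltName.
make_key_and_csr() {  # usage: make_key_and_csr DOMAIN [KEY] [CSR]
    mk_key=${2:-private_key.pem}; mk_csr=${3:-csr.pem}
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 \
          -out "$mk_key" 2>/dev/null ) || return 1
    openssl req -new -key "$mk_key" -out "$mk_csr" \
        -subj "/CN=$1" -addext "subjectAltName=DNS:$1"
}

# Print the key size in bits of a private key file.
key_bits() {
    openssl pkey -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeed only if the key is large enough, the CSR's self-signature verifies,
# and the CSR embeds the public half of this exact private key.
check_csr() {  # usage: check_csr KEY CSR [MIN_BITS]
    ck_bits=$(key_bits "$1")
    if [ "${ck_bits:-0}" -lt "${3:-4096}" ]; then
        echo "key is ${ck_bits:-unreadable} bits, want >= ${3:-4096}" >&2; return 1
    fi
    # Grep the message: older OpenSSL exits 0 even when verification fails.
    if ! openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "CSR self-signature does not verify" >&2; return 1
    fi
    ck_kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    ck_cpub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null)
    if [ -z "$ck_kpub" ] || [ "$ck_kpub" != "$ck_cpub" ]; then
        echo "CSR public key does not match $1" >&2; return 1
    fi
}

# Run the checks on the article's files when they are present.
if [ -f private_key.pem ] && [ -f csr.pem ]; then
    check_csr private_key.pem csr.pem && echo "csr.pem is ready for certbot"
fi
```

The public-key comparison is done on the PEM output of the same openssl binary, so an unreadable key or CSR yields an empty string and fails the check instead of matching by accident.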
Cheers!